<!DOCTYPE html>
<body>
  <script src=/resources/testharness.js></script>
  <script src=/resources/testharnessreport.js></script>
  <script src=/permissions-policy/resources/permissions-policy.js></script>
  <script>
  'use strict';
  var same_origin_src = '/permissions-policy/resources/permissions-policy-private-state-token-issuance.html';
  var cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
    same_origin_src;
  var test_desc_begin = 'Permissions policy header "private-state-token-issuance=*"';

  test(() => {
    try {
      new Request("https://issuer.example/", {
        privateToken: {
          version: 1,
          operation: "token-request"
        }
      });
    } catch(e) {
      assert_unreached();
    }
    try {
      const xhr = new XMLHttpRequest();
      xhr.open("GET", "https://issuer.example/");
      xhr.setPrivateToken({
        version: 1,
        operation: "token-request"
      });
    } catch(e) {
      assert_unreached();
    }

  }, test_desc_begin + ' allows the top-level document.');

  async_test(t => {
    test_feature_availability('Private State Token issuance request', t,
        same_origin_src,
        (data, desc) => {
            assert_equals(data.num_operations_enabled, 2, desc);});
  }, test_desc_begin + ' allows same-origin iframes.');

  async_test(t => {
    test_feature_availability('Private State Token issuance request', t,
        cross_origin_src,
        (data, desc) => {
            assert_equals(data.num_operations_enabled, 0, desc);});
  }, test_desc_begin + ' disallows cross-origin iframes.');

  async_test(t => {
    test_feature_availability(
        'Private State Token issuance request', t, cross_origin_src,
        (data, desc) => {assert_equals(data.num_operations_enabled, 2, desc);},
        'private-state-token-issuance');
  }, test_desc_begin + ' and allow="private-state-token-issuance" allows cross-origin iframes.');
  </script>
</body>
